# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: Orion <systmkor@gmail.com>
# Maintainer: Orion <systmkor@gmail.com>
#
# secfixes:
#   3.4.3-r0:
#     - CVE-2022-0778
#   3.1.5-r0:
#     - CVE-2020-1971
#   2.7.4-r0:
#     - CVE-2018-0732
#     - CVE-2018-0495
#   2.5.3-r1:
#     - CVE-2017-8301
#
pkgname=libressl
pkgver=3.8.4
_namever=${pkgname}${pkgver%.*}
pkgrel=0
pkgdesc="Version of the TLS/crypto stack forked from OpenSSL"
url="https://www.libressl.org/"
# s390x: does not build there anymore due to missing arch detection and arch code
# even with asm disabled
# loongarch64: upstream does not support
arch="all !s390x !loongarch64"
license="custom"
pcprefix="libressl:"  # avoid mix up with openssl pkg-config
sonameprefix="libressl:"  # avoid mix up with libretls
#makedepends_build="automake autoconf libtool"
makedepends_host="linux-headers"
makedepends="$makedepends_host $makedepends_build"
subpackages="$pkgname-dbg $_namever-libcrypto:_libs $_namever-libssl:_libs
	$_namever-libtls:_libs $pkgname-dev $pkgname-doc $pkgname-nc"
source="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-$pkgver.tar.gz 0001-libressl.cnf.patch"

#prepare() {
#	default_prepare
#
#	autoreconf -vif
#}

build() {
	CFLAGS="-L$CBUILDROOT/usr/lib $CFLAGS" \
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--with-sysroot=$CBUILDROOT \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--localstatedir=/var \
		--enable-nc \
		--program-prefix "libressl-"
	make
}

check() {
	make check
}

package() {
	make DESTDIR="$pkgdir" install
	install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING

	# Remove symlinks that point to OpenSSL man pages.
	# The symlink creation does not account for --program-prefix.
	find -L "$pkgdir"/usr/share/man/man3/ -type l -delete

	cd "$pkgdir"

	# compatibility symlink (binary was called libressl previously).
	ln -s libressl-ocspcheck "$pkgdir"/usr/bin/ocspcheck
	ln -s libressl-ocspcheck.8 "$pkgdir"/usr/share/man/man8/ocspcheck.8
	ln -s libressl-openssl "$pkgdir"/usr/bin/libressl
	ln -s libressl-openssl.1 "$pkgdir"/usr/share/man/man1/libressl.1

	# Provided by ca-certificates-cacerts
	rm etc/ssl/cert.pem
	rmdir etc/ssl/certs

	mv etc/ssl/openssl.cnf etc/ssl/libressl.cnf
}

nc() {
	pkgdesc="libressl TLS-enabled nc(1)"

	mkdir -p "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/libressl-nc "$subpkgdir"/usr/bin/nc
}

_libs() {
	local name="${subpkgname#$_namever-}"
	pkgdesc="libressl $name library"
	depends=""

	amove usr/lib/$name.so.*

	if [ "$name" = "libcrypto" ]; then
		amove etc
	fi
}

sha512sums="
b8986a9e2c0a1f912770d2e55ed39b3ca0c072b8c98ecf2d22a3d36768c36b6f4588698dd248d8b585db1bd0a74f8995cc09a0ca3e707e680d87d4fa169f8941  libressl-3.8.4.tar.gz
aefa5dc99345462a93f97061fdee6b5b148eed30c4bf7a7097ade8cef9dd890d8d7100558d5e1ebe6790372261c76ce04a874526cb521dea068ec1439259a035  0001-libressl.cnf.patch
"
